This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
Jan Juergens discovered a buffer overflow in the parser for SMS
messages in Asterisk.
An additional change was backported, which is fully described in
With the fix for AST-2013-007, a new configuration option was added in
order to allow the system administrator to disable the expansion
of 'dangerous' functions (such as SHELL()) from any interface which is
not the dialplan. In stable and oldstable this option is disabled by
default. To enable it, add the following line to the section
'[options]' in /etc/asterisk/asterisk.conf (and restart asterisk):
live_dangerously = no
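One way to audit this setting on a host, as an added example (not part of the Debian advisory or the Tenable plugin): a shell function that reads the '[options]' section of asterisk.conf and reports whether live_dangerously is set to no. The function name and exit codes are assumptions of this example, and only the literal value 'no' given in the advisory is treated as restricted.

```shell
#!/bin/sh
# Added example: audit the live_dangerously setting described above.
# check_live_dangerously [FILE]   (hypothetical helper name)
# Exit codes (chosen for this example):
#   0  [options] contains live_dangerously = no (expansion restricted)
#   1  option absent from [options], or set to any other value
#   2  configuration file not readable
check_live_dangerously() {
    conf=${1:-/etc/asterisk/asterisk.conf}
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }

    value=$(awk '
        # Strip ";" comments, then trim surrounding whitespace.
        { sub(/;.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        # Track whether the current section is [options].
        /^\[/ { in_opts = (tolower($0) ~ /^\[options\]/); next }
        # Accept both "key = value" and "key => value"; last one wins.
        in_opts && tolower($0) ~ /^live_dangerously[ \t]*=/ {
            v = $0
            sub(/^[^=]*=>?[ \t]*/, "", v)
            last = tolower(v); seen = 1
        }
        END { if (seen) print last; else print "unset" }
    ' "$conf")

    case $value in
        no)
            echo "restricted: live_dangerously = no"
            return 0 ;;
        unset)
            echo "not set in [options]: package default applies"
            return 1 ;;
        *)
            echo "not restricted: live_dangerously = $value"
            return 1 ;;
    esac
}

# Run directly against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_live_dangerously "$1"
fi
```

A line placed in any section other than '[options]', or left commented out with ';', is reported as not set.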
See also :
Upgrade the asterisk packages.
For the oldstable distribution (squeeze), this problem has been fixed
in version 1:126.96.36.199-2+squeeze12.
For the stable distribution (wheezy), this problem has been fixed in
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false